
Enumeration - Host

Find the gateway with the route command

route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.2.1        0.0.0.0         UG    100    0        0 eth0
    10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

netdiscover

sudo netdiscover -r 10.0.2.1/24
     Currently scanning: Finished!   |   Screen View: Unique Hosts

     4 Captured ARP Req/Rep packets, from 4 hosts.   Total size: 240
     _____________________________________________________________________________
       IP            At MAC Address     Count     Len  MAC Vendor / Hostname
     -----------------------------------------------------------------------------
     10.0.2.1        52:54:00:12:35:00      1      60  Unknown vendor
     10.0.2.2        52:54:00:12:35:00      1      60  Unknown vendor
     10.0.2.3        08:00:27:4a:f0:14      1      60  PCS Systemtechnik GmbH
     10.0.2.5        08:00:27:3b:43:42      1      60  PCS Systemtechnik GmbH

nmap scan based on the gateway

nmap -n -sP 10.0.2.1/24
    Nmap scan report for 10.0.2.1  Host is up (0.00035s latency). 
    Nmap scan report for 10.0.2.2 Host is up (0.00052s latency).
    Nmap scan report for 10.0.2.4 Host is up (0.00021s latency).
    Nmap scan report for 10.0.2.5 Host is up (0.00050s latency).

mask to cidr

CIDR Length  Mask             Networks    Hosts
1            128.0.0.0        128 A       2,147,483,392
2            192.0.0.0        64 A        1,073,741,696
3            224.0.0.0        32 A        536,870,848
4            240.0.0.0        16 A        268,435,424
5            248.0.0.0        8 A         134,217,712
6            252.0.0.0        4 A         67,108,856
7            254.0.0.0        2 A         33,554,428
8            255.0.0.0        1 A         16,777,214
9            255.128.0.0      128 B       8,388,352
10           255.192.0.0      64 B        4,194,176
11           255.224.0.0      32 B        2,097,088
12           255.240.0.0      16 B        1,048,544
13           255.248.0.0      8 B         524,272
14           255.252.0.0      4 B         262,136
15           255.254.0.0      2 B         131,068
16           255.255.0.0      1 B         65,024
17           255.255.128.0    128 C       32,512
18           255.255.192.0    64 C        16,256
19           255.255.224.0    32 C        8,128
20           255.255.240.0    16 C        4,064
21           255.255.248.0    8 C         2,032
22           255.255.252.0    4 C         1,016
23           255.255.254.0    2 C         508
24           255.255.255.0    1 C         254
25           255.255.255.128  2 subnets   124
26           255.255.255.192  4 subnets   62
27           255.255.255.224  8 subnets   30
28           255.255.255.240  16 subnets  14
29           255.255.255.248  32 subnets  6
30           255.255.255.252  64 subnets  2
31           255.255.255.254  none        none
32           255.255.255.255  1/256 C     1
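
Added example (not part of the original page): the Genmask column of the route -n output above can be turned into the CIDR length from the table programmatically, which gives the range to pass to netdiscover or nmap. The function names are hypothetical; the sample input is the route -n output shown on this page.

```python
import ipaddress

# `route -n` output copied from this page.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.1        0.0.0.0         UG    100    0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
"""

def mask_to_prefix(mask):
    """Convert a dotted netmask to its CIDR length, rejecting invalid masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A valid mask is all ones then all zeros, so inverted + 1 is a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()

def parse_route_n(text):
    """Return (default_gateway, [(network, iface), ...]) from `route -n` text."""
    gateway, networks = None, []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # banner, header or malformed line
        dest, gw, mask, flags, iface = *fields[:4], fields[7]
        prefix = mask_to_prefix(mask)
        if "G" in flags and prefix == 0:
            gateway = gw  # default route
        elif "G" not in flags:
            networks.append((ipaddress.IPv4Network(f"{dest}/{prefix}"), iface))
    return gateway, networks

def local_range(text):
    """CIDR of the directly connected network that contains the gateway."""
    gateway, networks = parse_route_n(text)
    if gateway is None:
        raise ValueError("no default route found")
    for network, _iface in networks:
        if ipaddress.IPv4Address(gateway) in network:
            return str(network)
    raise ValueError("gateway is not on a directly connected network")

if __name__ == "__main__":
    cidr = local_range(ROUTE_N)
    net = ipaddress.IPv4Network(cidr)
    print(cidr, "usable hosts:", net.num_addresses - 2)
    # Host bits set, as in 10.0.2.1/24, name the same range.
    print(ipaddress.ip_network("10.0.2.1/24", strict=False) == net)
```

The 10.0.2.1/24 form used in the commands above and 10.0.2.0/24 describe the same 254 usable addresses, matching the /24 row of the table.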